1. Technical Field
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for managing audit logs in a data processing system. Still more particularly, the present invention provides a method and apparatus for creating and verifying audit logs in a relational database without compromising the ability to detect data tampering in a data processing system.
2. Description of Related Art
Audit logs have long been used to keep permanent records of events. The audit log can be used at some future date to reconstruct events that happened in the past. This reconstruction might be required for legal, accounting, or security purposes or for recovery after a disaster.
Audit logs are more useful if the entries can be authenticated in some way. In paper systems, the physical log itself enforces this authentication. However, modern audit logs are often kept in digital files within a computer system. Such computer audit logs differ from paper documents in that they can be more easily modified undetectably. For example, it is easy to add, delete, or modify individual entries within an audit log in a computer system in such a way that the changes will go undetected. In fact, many computer hackers who break into computer systems take specific actions to modify the audit logs to erase all traces of their actions.
Computer security manufacturers have responded to this threat in several ways. One is to force the audit log to be continuously printed out on paper. Variants of this technique involve writing the audit log to a non-erasable medium, such as a CD-ROM. Another approach uses conventional computer security techniques to guard the audit log files. Such techniques include hiding and encrypting the log files or requiring special permissions to write to them. These techniques work well in some applicationsxe2x80x94most notably when the audit log is stored on a shared computer and the malicious person trying to modify the audit log does not have full permissions on that computerxe2x80x94but are not without their disadvantages. For example, clever hackers can often figure out ways around the computer security techniques and make changes to the audit log.
A common implementation approach for audit subsystems is to store audit records in a flat file. Such solutions are limited in terms of scalability, transaction support, sophisticated query capabilities, and recovery. Furthermore, they are not amenable to supporting on-line integrity checking or on-line archiving.
Therefore, it would be advantageous to have an improved method and apparatus for protecting against data tampering of audit logs.
The present invention solves the problems associated with the prior art by storing audit records in a relational database comprising a primary audit log table, auxiliary tables, and a system table. Audit record level protection is achieved by including an integrity column in every audit record and by assigning a unique identifier, such as a serial number, to each audit record. System level protection is achieved by maintaining serial number range and integrity information in the system table. The present invention provides for detection of unauthorized row modification, deletion, or insertion, and incorporates extra measures to protect against administrator attacks. Using the serial number range in the system table, a snapshot may be taken of the audit log to enable integrity checking and audit log archiving without having to suspend or bring down the audit subsystem.